Jump to content

Riskware.BitcoinMiner Keep coming back after restart!

Agilaz
 Share

Recommended Posts

Agilaz

Agilaz

Posted
Posted

hello guys, i just bought my new pc  1 weeks ago for somehow my pc affected with this bitcoin miner virus, i have try so many antivirus but still the same, after being remove using malwarebytes, the virus will coming back after i restart or shutdown my pc ! But i dont want to fromat my pc, can u guys help me please!!!

sorry for my bad english.

Link to post
Share on other sites
nasdaq

nasdaq

Posted
Posted

Hello, Welcome to Malwarebytes.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

We need more information.

Download the Farbar Recovery Scan Tool (FRST).
Choose the 32 or 64 bit version for your system.
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section in the bottom of the topic Click the "more reply Options" button.
attachlogs.png

Attach the file.
Select the "Choose a File" navigate to the location of the File.
Click the file you wish to Attach.
Click Attach this file.
Click the Add reply button.
===

Please post the logs  for my review.

Wait for further instructions

Link to post
Share on other sites
nasdaq

nasdaq

Posted
Posted

Hi,

Remove this program in bold via the Control Panel > Programs > Programs and Features.
CPUID CPU-Z 1.79.1 (HKLM\...\CPUID CPU-Z_is1) (Version:  - ) <==== ATTENTION
Your copy is not signed and could be compromised.
If you need it please download the latest version from this site.
https://www.cpuid.com/
Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Please download the attached Fixlist.txt file to  the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please post the Fixlog.txt and let me know what problem persists.

fixlist.txt

Link to post
Share on other sites
nasdaq

nasdaq

Posted
Posted

Hi,

No sign of Epic in your logs.

If the problem persists IN CHROME and you Sync Chrome with other devices reset the Sync.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

===

Keep me posted.

As for what is being reported by Spyhunter you can check with them and check if what is reported are false positives or not.

Link to post
Share on other sites
Agilaz

Agilaz

Posted
  • Author
Posted
11 minutes ago, nasdaq said:

Hi,

No sign of Epic in your logs.

If the problem persists IN CHROME and you Sync Chrome with other devices reset the Sync.

Read this article and proceed.

Chrome Secure Preferences detection always comes back
https://forums.malwarebytes.com/topic/214325-chrome-secure-preferences-detection-always-comes-back/

===

Keep me posted.

As for what is being reported by Spyhunter you can check with them and check if what is reported are false positives or not.

hye,

i already check my google chrome, my chrome is not sync at all.

any others option how to fix this?

Link to post
Share on other sites
nasdaq

nasdaq

Posted
Posted

Hi,

If the folders in bold still in the computer delete them.
c:\Users\Admin\AppData\local\EpicNet

and 

c:\Users\Admin\AppData\Roaming\EpicNet

===

If not lets check the Registry.

Run the Farbar program .exe as an Administrator.

In the Search text area, copy and paste the following:
EpicNet
Once done, click on the Search Registry button and wait for FRST to finish the search
On completion, a log will open in Notepad. Copy and paste its content in your next reply
====

Link to post
Share on other sites
nasdaq

nasdaq

Posted
Posted

Hi,

Try this.

Open Malwarebytes Anti-Malware.

On the Settings tab > Protection Scroll to and make sure the following are selected: Scroll to and make sure the following are selected:
Scan for Rootkits
Scan within Archives

Scroll further to Potential Threat Protection make sure the following are set as follows:

Potentially Unwanted Programs (PUP`s)        set as :- Always detect PUP`s (recommended)
Potentially Unwanted Modifications (PUM`s)  set as :- Always detect PUM`s (recommended)

Click on the Scan make sure Threat Scan is selected,

A Threat Scan will begin.

When the scan is complete if anything is found make sure that the first checkbox at the top is checked (that will automatically check all detected items), then click on the Quarantine Selected Tab

If asked to restart your computer to complete the removal, please do so

When complete click on Export Summary after deletion (bottom-left corner) and select Copy to Clipboard.

Wait for the prompt to restart the computer to appear, then click on Yes.

After the restart once you are back at your desktop, open MBAM once more to retrieve the log.

To get the log from Malwarebytes do the following:

Click on the Reports tab > from main interface.
Double click on the Scan log which shows the Date and time of the scan just performed.
Click Export > From export you have two options: > From export you have two options:
  Copy to Clipboard - if selected right click to your reply and select "Paste" log will be pasted to your reply
  Text file (*.txt)        - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
 
Use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply.
===

If the problem persists start an new topic in the Support Forum.
https://forums.malwarebytes.com/forum/41-malwarebytes-3-support-forum/

An expert will find out why this is not deleted.

Link to post
Share on other sites
  • 3 weeks later...
  • Root Admin
AdvancedSetup

AdvancedSetup

Posted
  • Root Admin
Posted

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this topic with your request.

This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread.

Thanks

 

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept